<?php
!function_exists('readover') && exit('Forbidden');
$wind_in='medal';
include_once(D_P.'data/bbscache/md_config.php');
include_once(D_P.'data/bbscache/medaldb.php');
include_once(R_P.'require/showimg.php');
!$md_ifopen && Showmsg('medal_close');

$userdb = $db->get_one("SELECT medals,icon FROM pw_members WHERE uid='$winduid'");
if($userdb['medals']){
	$userdb['medals'] = explode(',',$userdb['medals']);
} else{
	$userdb['medals'] = '';
}
$userface = showfacedesign($userdb['icon']);
InitGP(array('action'));

if(!$action){
	if($userdb['medals']){
		$ifunset = 0;
		foreach($userdb['medals'] as $key=>$val){
			if(!array_key_exists($val,$_MEDALDB)){
				unset($userdb['medals'][$key]);
				$ifunset = 1;
			}
		}
		if($ifunset){
			$newmedals = implode(',',$userdb['medals']);
			$db->update("UPDATE pw_members SET medals='$newmedals' WHERE uid='$winduid'");
			!$newmedals && updatemedal_list();
		}
	}
	require_once PrintHack('index');footer();
} elseif($action=='list'){
	$groupid == 'guest' && Showmsg('not_login');
	if(!file_exists(D_P.'data/bbscache/medals_list.php')){
		updatemedal_list();
	}
	$uids = substr(readover(D_P.'data/bbscache/medals_list.php'),12);
	if($uids){
		InitGP(array('page'));
		require_once(R_P.'require/forum.php');
		(!is_numeric($page) || $page < 1) && $page = 1;
		$limit = "LIMIT ".($page-1)*$db_perpage.",$db_perpage";
		$rt    = $db->get_one("SELECT COUNT(*) AS sum FROM pw_members WHERE uid IN($uids)");
		$pages = numofpage($rt['sum'],$page,ceil($rt['sum']/$db_perpage),"$basename&action=list&");
	
		$listdb=array();
		$query = $db->query("SELECT uid,username,medals FROM pw_members WHERE uid IN($uids) ORDER BY uid $limit");
		while($rt = $db->fetch_array($query)){
			$medals='';
			$md_a = explode(',',$rt['medals']);
			foreach($md_a as $key=>$value){
				if($value){
					if(strpos($md_groups,",$groupid,")!==false){
						$medals.="<a href=\"$basename&action=award&type=2&pwuser=$rt[username]&medal=$value\" target=\"_blank\"><img src=\"$hkimg/{$_MEDALDB[$value][picurl]}\" title=\"{$_MEDALDB[$value][name]}\"></a> ";
					}else{
						$medals.="<img src=\"$hkimg/{$_MEDALDB[$value][picurl]}\" title=\"{$_MEDALDB[$value][name]}\"> ";	
					}
				}
			}
			$rt['medals'] = $medals;
			$listdb[] = $rt;
		}
	}
	
	require_once PrintHack('index');footer();
} elseif($action=='award'){
	if(strpos($md_groups,",$groupid,")===false){
		Showmsg('medal_groupright');
	}
	if(!$_POST['step']){
		InitGP(array('type','pwuser','medal'));
		if($type==2){
			$type_2="checked";
			$type_1="";
		}else{
			$type_1="checked";
			$type_2="";
		}
		require_once PrintHack('index');footer();
	} elseif($_POST['step']=="2"){
		InitGP(array('pwuser','reason','medal','type','timelimit'),null,'1');
		strpos($pwuser,',') && $pwuser = explode(',',$pwuser);
		$medal  = (int)$medal;
		!$medal && Showmsg('medal_nomedal');
		$reason = Char_cv($reason);
		!$reason && Showmsg('medal_noreason');
		$timelimit = (int)$timelimit;
		require_once(R_P.'require/msg.php');
		if(is_array($pwuser)){
			foreach($pwuser as $key=>$val){
				if(!$val){
					unset($pwuser[$key]);
				}else{
					$pwuser[$key] = "'".$val."'";
				}
			}
			$pwuser = implode(',',$pwuser);
		}else{
			$pwuser = "'".$pwuser."'";
		}
		!$pwuser && Showmsg('username_empty');
		
		$rs = $db->query("SELECT uid,username,medals FROM pw_members WHERE username IN($pwuser)");

		$awardusers = array();
		while ($rt = $db->fetch_array($rs)){
			Add_S($rt);
			if($type==1){
				if($rt['medals'] && strpos(",$rt[medals],",",$medal,")!==false){
					$erroruser = $rt['username'];
					Showmsg('medal_alreadyhave');
				} elseif($rt['medals']){
					$rt['medals']="$rt[medals],$medal";
				} else{
					$rt['medals']=$medal;
				}
			}elseif($type==2){
				if(!$rt['medals'] || strpos(",$rt[medals],",",$medal,")===false){
					$erroruser = $rt['username'];
					Showmsg('medal_none');
				} else{
					$rt['medals']=substr(str_replace(",$medal,",',',",$rt[medals],"),1,-1);
				}
			}else{
				Showmsg('illegal_request');
			}
			$awardusers[] = $rt;
		}
		!count($awardusers) && Showmsg('medal_nouser');
		$insertlogs = array();
		foreach($awardusers as $rt){
			if($type==1){
				if($md_ifmsg){
					$message=array(
						$rt['username'],
						$winduid,
						'metal_add',
						$timestamp,
						"metal_add_content",
						'',
						$windid
					);
					writenewmsg($message,1);
				}
			}elseif($type==2){
				if($md_ifmsg){
					$message=array(
						$rt['username'],
						$winduid,
						'metal_cancel',
						$timestamp,
						"metal_cancel_content",
						'',
						$windid
					);
					writenewmsg($message,1);
				}
				$timelimit=0;
				$db->update("UPDATE pw_medalslogs SET state='1' WHERE awardee='$rt[username]' AND level='$medal'");
			}else{
				Showmsg('illegal_request');
			}
			$rt['medals']==',' && $rt['medals']='';
			$db->update("UPDATE pw_members SET medals='$rt[medals]' WHERE uid='$rt[uid]'");
			$insertlogs[] = "('$rt[username]','$windid','$timestamp','$timelimit','$medal','$type','$reason')";
		}
		if(count($insertlogs)){
			$sql = "INSERT INTO pw_medalslogs(awardee,awarder,awardtime,timelimit,level,action,why) VALUES".implode(',',$insertlogs);
			$db->update($sql);
		}
		updatemedal_list();
		refreshto("$basename&action=list",'operate_success');
	}
} elseif($action=='log'){
	$groupid == 'guest' && Showmsg('not_login');
	if(!$_GET['job']){
		InitGP(array('page'));
		require_once(R_P.'require/forum.php');
		(!is_numeric($page) || $page < 1) && $page = 1;
		$limit = "LIMIT ".($page-1)*$db_perpage.",$db_perpage";
		$rt    = $db->get_one("SELECT COUNT(*) AS sum FROM pw_medalslogs WHERE action<>3");
		$pages = numofpage($rt['sum'],$page,ceil($rt['sum']/$db_perpage),"$basename&action=log&");

		$logdb = array();
		$query = $db->query("SELECT * FROM pw_medalslogs WHERE action<>3 ORDER BY id DESC $limit");
		while($rt = $db->fetch_array($query)){
			$rt['awardtime'] = get_date($rt['awardtime'],'y-m-d h:i');
			$logdb[] = $rt;
		}
		require_once PrintHack('index');footer();
	} elseif($_GET['job']=='del'){
		$groupid != '3' && Showmsg('medal_dellog');
		$id = (int)GetGP('id');
		$rt = $db->get_one("SELECT id,state,action,timelimit FROM pw_medalslogs WHERE id='$id'");
		if($rt['action']==1 && $rt['state']==0 && $rt['timelimit']>0){
			Showmsg('medallog_del_error');
		}
		$db->update("DELETE FROM pw_medalslogs WHERE id='$id'");
		refreshto("$basename&action=log",'operate_success');
	}else{
		Showmsg('illegal_request');
	}
} elseif($action=='apply'){
	!$md_ifapply && Showmsg('medal_appclose');
	if(strpos($md_appgroups,",$groupid,")===false){
		Showmsg('medal_appgroupright');
	}
	$appcheck = $db->get_one("SELECT id FROM pw_medalslogs WHERE awardee='$windid' AND action=3");
	$appcheck && Showmsg('medal_haveapp');
	if(!$_POST['step']){
		$id = (int)GetGP('id');
		require_once PrintHack('index');footer();
	} elseif($_POST['step']==2){
		InitGP(array('reason','medal','timelimit'));
		!$reason && Showmsg('medal_noreason');
		$medal  = (int)$medal;
		!$medal && Showmsg('medal_nomedal');
		$reason = Char_cv($reason);
		$timelimit = (int)$timelimit;
		$userdb['medals'] && in_array($medal,$userdb['medals']) && Showmsg('medal_alreadyhaveself');
		$db->update("INSERT INTO pw_medalslogs(awardee,awardtime,timelimit,level,action,why) VALUES('$windid','$timestamp','$timelimit','$medal','3','$reason')");
		refreshto($basename,'operate_success');
	}else{
		Showmsg('illegal_request');
	}
} elseif($action=='approve'){
	!$md_ifapply && Showmsg('medal_appclose');
	if(strpos($md_groups,",$groupid,")===false){
		Showmsg('medal_groupright');
	}
	$job = Char_cv(GetGP('job'));
	if(!$job){
		InitGP(array('page'));
		require_once(R_P.'require/forum.php');
		(!is_numeric($page) || $page < 1) && $page = 1;
		$limit = "LIMIT ".($page-1)*$db_perpage.",$db_perpage";
		$rt    = $db->get_one("SELECT COUNT(*) AS sum FROM pw_medalslogs WHERE action=3");
		$pages = numofpage($rt['sum'],$page,ceil($rt['sum']/$db_perpage),"$basename&action=approve&");

		$appdb = array();
		$query = $db->query("SELECT * FROM pw_medalslogs WHERE action=3 ORDER BY id ASC $limit");
		while($rt = $db->fetch_array($query)){
			$rt['awardtime'] = get_date($rt['awardtime'],'y-m-d h:i');
			$appdb[] = $rt;
		}
		require_once PrintHack('index');footer();
	} elseif($job=='pass'){
		$id = GetGP('id');
		if(is_array($id)){
			foreach($id as $key=>$val){
				$val = (int)$val;
				if($val){
					$id[$key] = $val;
				}else{
					unset($id[$key]);
				}
			}
			if(count($id)){
				$id = implode(',',$id);
			}else{
				Showmsg('medal_iderror');
			}
		} else{
			$id = (int)$id;
			!$id && Showmsg('medal_iderror');
		}
		require_once(R_P.'require/msg.php');
		$rs = $db->query("SELECT l.level,l.why,m.uid,m.username,m.medals FROM pw_medalslogs l LEFT JOIN pw_members m ON l.awardee=m.username WHERE l.id IN($id)");
		while ($rt = $db->fetch_array($rs)){
			Add_S($rt);
			$medal 	= $rt['level'];
			$reason = $rt['why'];
			if($rt['medals'] && strpos(",$rt[medals],",",$medal,")!==false){
				continue;
			} elseif($rt['medals']){
				$medals="$rt[medals],$medal";
			} else{
				$medals=$medal;
			}
			if($md_ifmsg){
				$message=array(
					$rt['username'],
					$winduid,
					'metal_add',
					$timestamp,
					"metal_add_content",
					'',
					$windid
				);
				writenewmsg($message,1);
			}
			$medals==',' && $medals='';
			$db->update("UPDATE pw_members SET medals='$medals' WHERE uid='$rt[uid]'");
		}
		$db->free_result();
		unset($medal,$medals,$reason);
		$db->update("UPDATE pw_medalslogs SET awarder='$windid',awardtime='$timestamp',action='1' WHERE id IN($id)");
		updatemedal_list();
		refreshto("$basename&action=approve",'operate_success');
	} elseif($job=='del'){
		$id = GetGP('id');
		require_once(R_P.'require/msg.php');
		if(is_array($id)){
			foreach($id as $key=>$val){
				$val = (int)$val;
				if($val){
					$id[$key] = $val;
				}else{
					unset($id[$key]);
				}
			}
			if(count($id)){
				$id = implode(',',$id);
				if($md_ifmsg){
					$query = $db->query("SELECT awardee,level,why FROM pw_medalslogs WHERE id IN($id)");
					while($rt = $db->fetch_array($query)){
						$medal 	= $rt['level'];
						$reason = $rt['why'];
						$message=array(
							$rt['awardee'],
							$winduid,
							'metal_refuse',
							$timestamp,
							"metal_refuse_content",
							'',
							$windid
						);
						writenewmsg($message,1);
					}
				}
				$db->update("DELETE FROM pw_medalslogs WHERE id IN($id)");
			}else{
				Showmsg('medal_iderror');
			}
			
		} else{
			$id = (int)$id;
			!$id && Showmsg('medal_iderror');
			if($md_ifmsg){
					$rt = $db->get_one("SELECT awardee,level,why FROM pw_medalslogs WHERE id='$id'");
					!$rt && Showmsg('medal_iderror');
					$medal 	= $rt['level'];
					$reason = $rt['why'];
					$message=array(
						$rt['awardee'],
						$winduid,
						'metal_refuse',
						$timestamp,
						"metal_refuse_content",
						'',
						$windid
					);
					writenewmsg($message,1);
				}
			$db->update("DELETE FROM pw_medalslogs WHERE id='$id'");
		}
		refreshto("$basename&action=approve",'operate_success');
	}else{
		Showmsg('illegal_request');
	}
}else{
	Showmsg('illegal_request');
}

function updatemedal_list(){
	global $db;
	$query   = $db->query("SELECT uid,medals FROM pw_members WHERE medals!=''");
	$medaldb = '<?php die;?>0';
	while($rt=$db->fetch_array($query)){
		if(str_replace(',','',$rt['medals'])){
			$medaldb .= ','.$rt['uid'];
		}
	}
	writeover(D_P.'data/bbscache/medals_list.php',$medaldb);
}
?>